Skip to content

Linux

Linux: Systemd

Basics

systemd controls how services start, stop, and interact with the system during boot and runtime.

Units

Systemd units defines how each part of the system behaves

  • Services: controls programs and background processes like web servers or networks service
  • Targets: define system states such as multi-user or graphical environments
  • Mounts: handle file systems and ensures disks and network shares are properly attached and available
  • Timers: Trigger services to run at specific times or intervals

System mount unit files are stored in:

/etc/systemd/system/ 

/usr/lib/systemd/system/

Services

Services manage daemons and applications that run in the background. The service file controls how programs start, stop, and behave under different conditions. A service unit file usually contains 3 sections:

  • [Unit]: Requires= and Wants= define dependencies. Before= and After= determine the order in which services start
  • [Service]: Type= defines process behavior. ExecStart= specifies the start command. ExecStop defines how to stop the service. Users= defines non-root execution account. If omitted, the service starts with the root user.
  • [Install]: WantedBy and RequiredBy= defines startup target

example:

[Unit]
Description= Start web app
After=network.target

[Service]
Type=simple
User=appuser
ExecStart=/usr/local/bin/webapp.sh
ExecStop=/bin/kill $MAINPID

[Install]
WantedBy=multi-user.target

Use the following commands to manage the service

systemctl start webapp # to start the service

systemctl enable webapp # to start the service automatically at boot time

systemctl restart webapp # to restart the service

systemctl disable webapp # to disable the service at boot time

systemctl stop webapp # to stop 

systemctl status webapp # to check the service status

journalctl -u webapp # to view the service logs

Targets

Targets defines system states by grouping units together. The common targets include:

  • poweroff.target
  • rescue.target
  • multi-user.target: non-graphical multi-user system
  • graphical.target: a full GUI session that includes everything in the multi-suer.target
  • reboot.target
  • network-online.target: used when services must wait for full network connectivity
  • emergency.target

here are some useful commands:

systemctl get-default # to see the current target

systemctl set-default graphical.target # to set the current target

systemctl isolate graphical.target # to immediately switch a target

systemctl list-units --type=target # to list all targets

When using WantedBy=multi-user.target, you are telling that service to start when the system reaches that target.

Mounts

Defines and automate how file systems are mounted using systemd.

example:

[Unit]
Description=Mount external drive
After=local-fs.target

[Mount]
What=/dev/sdb1 # what location to mount
Where=/mnt/drive # mount point
Type=ext4 # file system type
Options=defaults # mount options

[Install]
WantedBy=multi-user.target

Timers

They are used to schedule tasks to replace or enhance what traditional cron jobs do. They are usually paired with a service file and tells systemd when that service should be started. OnBootSect= directive defiles a delay after system boot before the timer activates. OnCalendar= allows calendar-style scheduling.

example:

[Unit]
Description=Run backup every day at 2AM

[Timer]
OnCalendar=*-*-* 02:00:00 # run at specific time
Persistent=true

[Install]
WantedBy=timers.target

Useful commands are:

systemctl list-timers # to list active timers

systemctl start work.timer # to start a timer

systemctl enable work.timer # to enable a timer at boot

systemctl stop work.timer # to stop a timer

systemctl status work.timer # to check the status of a time

Management Utilities

  • systemctl: It is used to manage systemd units.
  • hostnamectl: manages the system's hostname
  • sysctl: manages the system's kernel

example:

hostnamectl set-hostname host1 # to set a permanent hostname of the system

sysctl -a # to view all parameters

sysctl <NAME> # to view a selected parameter

systctl -w <NAME>=<VALUE> # set a parameter

systemctl edit <UNIT> # to edit a systemd unit without changing the original unit file. ex: systemctl edit nginx.service

systemctl daemon-reload # to reload a systemd unit and apply any new or changed configurations

Configuration Utilities

  • systemd-resolved is a background service that manages DNS resolution and caching for the system.
  • resolvectl is a command line utility for interacting with systemd-resolved.
  • timedatectl allows managing the system clock, timezone, and NTP synchronization.

Useful commands include:

resolvectl status # to see the status of systemd-resolved service

resolvectl query <HOSTNAME> # to see which ip address a hostname resolve to

timedatectl status # to check the system's clock configuration

timedatectl set-timezone <REGION/CITY> # to set the timezone of the system. ex: timedatectl set-timezone America/Chicago

timedatectl set-time "YYYY-MM-DD HH:MM:SS" # to set the system time

timedatectl set-ntp <true or false> # to set whether NTP should be used in the system or not

Diagnosis and Analysis Tools

systemd-analyze reports total boot time and breaks it down into key stages such as firmware, kernel, and user space. It is useful for troubleshooting slow boot time

useful command:

systemd-analyze # to see the system's boot time

systemd-analyze blame # to list services take the longest to start

systemd-analyze security # to see security analysis of services

Linux: Software Configuration and Management

Basics

  • Debian-based systems use apt
  • RHEL-based systems use yum and dnf
  • openSUSE systems use Zypper

Package Managers

We use package managers to search, install, configure, update, and remove software in Linux environments.

apt - Debian-based systems

  • apt update to update all package list
  • apt upgrade to update all packages
  • apt install <PACKAGE> to install a package
  • apt remove <PACKAGE> to remove a package
  • apt show <PACKAGE> to show package details
  • apt search <PACKAGE> to search for a package
  • apt purge <PACKAGE> to delete a package and associated file
  • apt list --installed to show all installed packages
  • apt clean to clear cached downloaded packages
  • apt full-upgrade to the system distribution
  • apt depends <PACKAGE> to show package dependencies
  • apt rdepends <PACKAGE> to show packages that depend on the selected package
  • apt-mark hold <PACKAGE> to lock a package at its current version
  • apt-mark unhold <PACKAGE> to unhold a currently held package
  • apt-mark showhold to show packages currently on hold

dnf - REHL-based systems

  • dnf check-update to update all package list
  • dnf upgrade to update all packages
  • dnf install <PACKAGE> to install a package
  • dnf remove <PACKAGE> to remove a package
  • dnf search <PACKAGE> to search for a package
  • dnf list installed to view all installed packages
  • dnf clean all to clear cached packages
  • dnf history to show transaction history
  • dnf repolist to list enabled repositories
  • dnf versionlock list to list all locked packages
  • dnf versionlock clear to clear all locked packages
  • dnf versionlock add <PACKAGE> to lock a package at its current version
  • dnf versionlock delete <PACKAGE> to delete a "version locked" package
  • dnf config-manager --set-enabled <REPO NAME> to enable a repository
  • dnf config-manager --set-disabled <REPO NAME> to disable a repository

pacman - Arch-based systems

  • pacman -Sy to update all package list
  • pacman -Su to update all packages
  • pacman -S <PACKAGE> to install a package
  • pacman -R <PACKAGE> to remove a package
  • pacman -Ss <PACKAGE> to search for a package
  • pacman -Qi <PACKAGE> to view a package details
  • pacman -Q to list all installed packages
  • pacman -Sc to clear cached packages

zypper - openSUSE-based systems

  • zypper refresh or zypper ref to update all package list
  • zypper upgrade or zypper up to update all packages
  • zypper upgrade <PACKAGE to update a single package
  • zypper info <PACKAGE to view package details
  • zypper install <PACKAGE> or zypper in <PACKAGE> to install a package
  • zypper remove <PACKAGE> or zypper rm <PACKAGE> to remove a package
  • zypper search <PACKAGE> or zypper se <PACKAGE> to search for a package
  • zypper patch-check to check for important patches
  • zypper al <PACKAGE> (add lock) locks a package to prevent it from being updated or removed during system updates
  • zypper rl <PACKAGE> (remove lock) removes a lock
  • zypper mr -d (modify repository) to disable a repository

Source Installation

It is a method used to install software when it is not available in repositories or when it requires a custom build.

Installing a software from source usually includes the following steps:

  • ./configure to configure the system
  • make to build the software
  • make install to install the newly built software
  • make clean to remove temporary build files

GNU GPG Signatures

GNU GNU Not Unix. Used to verify the authenticity of software packages, and files

GPG GNU Privacy Guard - is used to encrypt and sign data.

GPG usage

gpg --import <KEY FILE> to import a public key. ex: gpg --import developer_public_key.asc

gpg --verify <SIGNATURE FILE> <PACKAGE> to verify a signed package. ex: gpg --verify my_program.tar.gz.sig my_program.tar.gz

gpg --list-keys to list all trusted keys

Linux: Processes

Basics

The kernel tags running command with an identifier called PID = Process ID. The kernel also records the relationships between one process, called the Parent Process, and any process it creates by assigning a second number.

Process ID - PID

The PID is used by the kernel to allocated system resources to a running command/program.

cat /proc/<PID> to read kernel statistics.

kill -9 <PID> to shutdown a signal

renice -n 10 -p <PID> to lower process priority

strace -p <PID> to trace a process' system calls

PID 1 or systemd is the master process that starts first and is never exited from

ps, ps aux, ps -ef to view PIDs

ps -C <process-name>. pgrep <process-ame> to view specific process

Parent PID - PPID

ps -e --forest -o pid,ppid,cmd and pstree -p to PPIDs

When a kill <PPID> signal is sent to a process, all descendent processes receives the same signal.

Orphaned Processes

Orphaned processes are processes with parents that have exited before they finish. They are then adopted by PID 1 and their PID becomes PID 1 and continue running.

Zombie Processes

Zombie processes are processes that completed executing but is still in the process table waiting to be removed by the parent.

Process State

The process state identifies what a process is currently doing. A process can have one of these states:

  • R = Running: the process is running or ready to run.
  • S = Sleeping - interrupted: the process is waiting for input or for another event to complete
  • D = Blocked - uninterrupted: the processed is doing something important and cannot be interrupted
  • T = Stopped: the process has been manually paused
  • Z = Zombie: the process has completed and waiting for parent to remove from process table
  • X = Dead
  • I = Idle

Process Priority

nice

The nice priority command sets the "politeness" (priority) of a process when it competes for CPU time. The value ranges from -20 to 19 (the lowest priority). The default is 0.

nice [-n VALUE] <command> [arguments] to set the priority of a process.

ps -eo,pid,ni,cmd to view the nice value.

renice

renice is used to change the nice value of a running process. Only a user with root privileges can set negative nice values.

The generic syntax is renice [-n VALUE] {-p PID | -g PGID | -u user}

renice -n -5 -p 10234 to change tne nice value to -5 for process with PID 10234.

Process Monitoring Tools

ps - process status

Give a quick look at what is running in your machine. ps -ef give information about all processes including all attributes. ps aux also list processes with detailed information.

ps -e list every process on the system

ps -a list processes from other users terminals

ps -eo [COLUMNS] to customize which column to show

ps -C <command> to list processes with a specific name. ex: ps -C tar

ps -p <PID> to view a process information

Column Description
PID Process ID
PPID Parent Process ID
USER Owner of the process
CMD Command used to start the process
%CPU CPU usage
%MEM Memory usage
VSZ Virtual memory size (in KB)
RSS Resident Set Size (physical memory in KB)
STAT Process state (R, S, Z, etc.) + modifiers
TTY Terminal associated with the process
TIME Cumulative CPU time used
  • top

top provides a live updates of the process table.

SHIFT + P to sort the processes by CPU usage

SHIFT + M to sort the processes by memory usage

top -d [REFRESH INTERVAL] to set the refresh frequency in seconds. ex: top -d 1 to refresh the list every seconds.

  • htop

Enhanced top.

  • atop

atop records and stores metrics for later reviews.

Performance Metrics

mpstat tells how busy each CPU core is. It is part of systat package that is a collection of utilities that collect, report, and log essential system performance metrics.

  • -P cpu targets a single core
  • -P ALL targets every core

ex: mpstat 3 10 every 3 seconds, print CPU stats. Do this 10 times in a row. or mpstat -P ALL 2 10 to special all CPUs.

pidstat reports CPU, memory, and I/O usage. pidstat is also part of sysstat package.

ex: pidstat 2 shows per process CPU usage updated every 2 seconds.

  • -u shows CPU usage
  • -r shows memory usage
  • -d shows i/o usage
  • -p <PID> show stats for a specific process

ex: pidstat -u -r -d -p 2345 2 10 shows CPU, memory, i/o activity of process 2345 every 2 seconds for 10 times

Job Control Commands

  • Ctrl + Z suspends the active process and returns to the shell prompt without terminating the job.
  • jobs lets you see what jobs you have running in the shell
  • bg resumes a suspended job in the background. bg %1 resumes job 1 in the background
  • fg brings a job to the foreground. fg %1 brings job 1 to the foreground
  • disown %1 removes job 1 from job control from the shell's job table and keeps it running even after the shell exists
  • kill sends a signal to a job or process to terminate. ex: kill %1 to terminate job 1 or kill 2345 to terminate a job with PID 2345
  • & runs a command in the background from the start. ex mpstat 2 &
  • nohup (no hang up). it is like disown but prevents the job from receiving hang up signal from the start. ex: nohup long_job.sh & to start a job, free the terminal for other commands, and continue the job even if the terminal closes.

Job Scheduling

  • crontab helps run tasks repeatedly at regular intervals, such as every day, week, month... use crontab -e to edit user contrab. ex: crontab -e 0 23 * * * my_script.sh to run my_script.sh every day at 11:00 PM. Use crontab -l to view scheduled jobs.
  • at helps schedule one time tasks that will run at a specific data and time in the future. ex: at 11:30 AM tomorrow with prompt for the command to run tomorrow at 11:30 am.
  • anacron ensures scheduled tasks still run even if the computer is turned off when they where originally scheduled to execute.

Linux: Device Management

Kernel Module Management

Kernel modules allows the extension of a linux system. Linux allows adding and removing kernel modules.

insmod is used to manually install module into the kernel.

modprobe is used to install module with their dependencies.

rmmod is used to remove a module.

insmod

insmod requires the full path of the .ko file. It does not resolve dependencies so user is required to make sure that all the dependencies are already present in the system before using insnod to install a module. Ex: insmod /lib/modules/$(uname -r)/extra/custom_module.ko used to install custom_module.ko into the kernel located in /lib/modules/$(uname -r)/extra/ directory. $(uname -r) is used to retrieve the kernel current version. insmod is recommended for specific situation since it does not resolve dependencies.

modprobe

modprobe manages kernel modules and automatically handle dependency resolution. It requires only the module name unlike insmod which requires the full path of the module.

Use modprobe <module_name> to load a module in the kernel.

modprobe support multiple options.

  • -a allows loading multiple modules at once
  • -r removes a module and its dependencies
  • -f to force-load a module
  • -n to perform a dry-run to see eventual events if the module is to be loaded
  • -v to enable verbose mode

rmmod

Allows the removal of kernel modules. It does not check for dependencies. So, if a module is a dependency, rmmod will still remove it without warning. It must be used only if necessary. modprobe -r is convenient for safely removing modules.

lsmod

lsmod is used to view loaded modules.

modinfo

modinfo is used to view module information. Ex: modinfo mymod.ko

depmod

depmod scan all available kernel module and generate a dependency map file that is used by modprobe to load them correctly. It analyzes the directory /lib/modules/$(uname -r)/ to build the list of module dependencies. Running depmod in the terminal updates the depmod.dep file, which list all the dependencies.

To find which module depends on mymod for exemple use the command cat /lib/modules/$(uname -r)/depmod.dep | grep mymod

Harware Information

dmidecode provides information about the hardware from the DMI table (Desktop Management Interface table). It provides details about the BIOS, motherboard, CPU, Memory. dmidecode -t [TYPE] for specific information. Option TYPE could be system, processor, bios, memory, baseboard, chassis, cache, slot.

lscpu provides details about the CPU. Use lscpu -e for details of each core of the cpu

lsmem provides details about the system memory allocation

lspci list PCI-connected devices. PCI=Peripheral Component Interconnect.

lsusb list USB connected devices

lshw List hardware component information. Use lshw -short to get a summary of the report. lshw provide information included in lspci and lsusb.

System Monitoring and Diagnosis Commands

dmesg displays system messages, hardware logs, and boot messages. Use dmesg -TH --level-err --follow to follow system level error messages. It is useful for troubleshooting boot issues and hardware crashes.

lm_sensors is a package used for hadrware monitoring such as CPU temperature, fan speed, voltage level, and more. It provides commands for monitoring sensors via sensors, and watch sensors commands.

ipmitool is a tool for IPMI. IPMI=Intelligent Platform Management Interface.

initrd Management

mkinitrd is a tool used in RPM distro to manually create the initial RAM disk. Use mkinitrd [options] <initrd image> <kernel version>. Ex: mkinitrd -f /boot/initrd-$(uname -r).img $(uname -r) to force the creation of a new initrd

dracut is modern and more flexible alternative to mkinitrd. It automates the creation of initramfs images and provides better dependency management. Ex: dracut -f /boot/initramfs-$(uname -r).img $(uname -r) to force the creation of a new initramfs.

Linux: Directories, Files, and File Contents

Basics

Text editors:

  • vi
  • Vim: an improved version of vi (vi and improved). It has 2 modes: execute mode and insert mode.

The i key enables the insert mode.

ESC to exit the insert mode.

: to enter execute mode

:qto quit Vim

:wq to save and quit

:qa to quit without saving

/ to search for text

dd to delete a line

You don't have to be in insert mode to cut and paste texts.

  • Emacs
  • gVim: a graphical version of Vim
  • gedit: GUI based editor used in the GNOME desktop environment
  • GNU nano: a simple text editor.

CTRL+k to delete an entire lie

CTRL+O to save file

CTRL+x to close a file

Searching for Files

file

Very simple tool for finding file data type.

file backup1

stat

statprovides detailed information about a file or directory.

stat myfile

locate

locate performs a quick search for any specified file names and paths stored in the mlocate database. To use this command type locate [options] <string>. The following options are supported:

  • -r search for file names using regular expressions
  • -c display the n umber of matching entries found
  • -e returns only files that exist at the time of the search
  • -l Ignore the casing in the names or paths
  • -n <number of entries> return the first few matches up to the specified number

locate backup to locate anything that contains backup in the name

locate -i backup to make a case insensitive search

locate -ic backup to return only the number of entries found

updatedb is used to build a database of files based on the /etc/updatedb.conf file to update the /var/lib/mlocate/mlocate.db database file. /etc/updatedb.conf contains path that should be excluded. PRUNEPATH is used to specify a path that need to not be included while building the database (ex: PRUNEPATH="/etc"). locate may provide faster result because it is searching from a database. It might also provide inaccurate result because the database can be outdated

find

find is also used to search specific location for files and directories that adhere to search criteria. The command looks like find [options] <search locations> <search criteria> [actions]. Ex: find /home/user -type f -name myfile.txt to search in /home/user files with names matching myfile.txt. find command performs live search of the file system and in a specific location.

find / -type d -name 'log' to search from the root directory any directory that has log in its name.

find / -type f -name 'messages to look for files from the root directory when messages in their names.

find /var/log -type f -size +100k to search for files /var/logs with at lease 100kb of size.

find /var/log -type f -mmin -45 to look for files that haven't been updated for the past 45 minutes

find /var/log -type f -size 0 -or -size +100k -and -mmin -45 to locate files with size 0 or greater than 100k and updated within the last 45 minutes

which

which displays the complete path of a specified command by searching the directories assigned to the PATH variable. ex: which ssh

whereis

whereis is used to display various details associated with a command. ex: whereis ls. The proper way to run this is whereis [options] [directory name] <filename>

Viewing and Searching for content

head to see the beginning of a file. By default it display the fist 10 lines of a file. head [options] <filename>. use -n to specify the number of line to be shown. Ex: head -n 50 /etc/apache2/httpd.conf

tail to see the end of a file. it is useful for monitoring log files. It also displays the last 10 lines of a file. tail [options] <filename>. ex: tail -n 20 /var/log/boot.log. -f allows following changes made to the file.

more to view large files by page. more [options] <filename>. It is often used with a pipe operator to view output of another command. Ex: cat /var/log/syslog | more

less to view large files by page. It is an ehancement of more command with advanced navigation. less [options] <filename>. ex: cat /var/log/syslog | less

awk (Aho, Weinberger, and Kernighan) is a language for pattern matching in structured data.

grep(Global Regular Expression Print) is used to search contents for lines that match a given pattern. grep is a case sensitive command.

cut is used to extract specific sections of a file. It is efficient for column based data.

Counting and Sorting data

wc (word count) counts lines, words, and characters in a text. wc /var/log/error.log

sort sorts data in logical order. sort [options] file. Ex: sort -h prices.txt to sort numbers.

uniq filter out data for duplicates. It is usually combined with sort and | to provide a powerful functionality. ex: sort /var/log/auth.log | uniq -c. Or simply uniq input.txt

xargs (extended arguments) constructs and execute command line from standard input. ex: echo "file1.txt" | xargs cat,

Comparing files

diff

diff shows the differences between two files line by line. diff [options] file1 file2

  • -h ignores changes in the amount of whitespace
  • -w ignores all whitespace differences
  • -i makes the comparison case-insentives
  • -t preserves tab characters
  • -c, -u show differences in readable format for collaborative environments

ex: diff -i -u config_old.conf config_new.conf

sdiff

sdiff displays the differences side by side. sdiff [options] file1 file2

ex: sdiff old.txt new.txt

lsof List Open File

lsof show which files are currently open and which processes are using them. lsof [options] [target]

ex: lsof /var/log/syslog

Linux hard links points to only one file.

A symbolic link is like a shortcut to a file.

Use ln command to create hard and symbolic links. ln [options] <source> <targe>

ln original.conf hardlink.conf to create a hardlink

ln -s original.conf softlink.conf to create a soft or symbolic link

/dev directory

/dev stores special files that represent the file system's hardware and virtual devices.

Block Devices

Represents hardware devices that handles data in fixed-sized blocks such as hard drives, SSDs, and USB flash drives.

Character Devices

Represents devices that handle data continuously one character at at time such as serial ports, keyboards, and terminals

Special Character Devices

Help the system with tasks: /dev/null, /dev/zero, and /dev/urandom

Linux: Storage

Basics

Let's learn how to work with Linux storage and partitions. Storage devices are refered to by Block or Character devices in Linux. Block devices read and write block of data in HDDs and SSDs. Character devices read and write streams of data (keyboard, mice, serail ports).

File system

A file system is a data structure used by the operating system to store, retrieve, and manage files and directories. It also maintains the metadata of the files and directories.

Linux supports different file systems:

  • FAT: File Allocation Table. Compatible with many operating systems
  • ext2: A Linux native file system
  • ext3: A much faster and better file system
  • ext4: Supports volumes of up to 1 exabyte and a file size of up to 16 terabytes
  • BTRFS: Supports volumes of up to 16 exabytes and up to 18 quintrillion files in each volume
  • XFS: A 64-bit efficient and high performance journaling file system.

Other file systems function as network protocols:

  • SMB: Simple Message Block allows sharing data over a network.
  • CIFS: Common Internet File System
  • NFS: Network File System
  • VFS: Virtual File System

NFS and SMB are not compatible with each other.

Index Node (Inode)

The Inode store metadata about a file or directory on a file system. It does not include the file name or contents. Each file requires one inode. Use the command stat <filename> to view a file's index node. Directories also require inodes. We can run out of inodes before we run out of disk space. When that happen we can no longer create files in the disk. Inode exhaustion occurs when we have lots of small files.

df -i to view inode usage on Linux.

ls -i to view the inode files in a directory.

It is important to monitor inode usage.

Partitions

A partition is a section of the drive that as a separate drive. It allows dividing a drive into smaller and more manageable chunks.

There 3 types of partitions we can use:

  1. Primary partitions. It contains one file system or logical drive also called a volume. The swap file system and the boot partition are usually created in the primary partition. The swap file system is used as memory when the system runs out of memory.
  2. Extended partitions. It contains also multiple logical drives. This partition type does not contain any data and has a separate partition table
  3. Logical partitions. It is partitioned and allocated as an independent unit and function as a separate drive.

fdisk is used to create, modify, and delete partitions on a drive. It supports multiple options. It is used on older systems using MBR with small disks.

gdisk supports GPT partition tables.

parted is used to create, destroy, resize and resize partitions and runs the GNU Parted utility. It is a menu driven interactive tool just like fdisk but modern. It is supports large disks and GPT partition tables. It also allows the resizing of partitions without lost of data.

growpart is a tool used for extending partitions in cloud environment and virtual machines without destroying the data. The generic syntax is growpart <device> <partition number>. ex: growpart /dev/sdb 1 to expand partition 1 on /dev/sdb then resize2fs /dev/sdb1. growpart is part of the cloud-guest-utils (for Debian) and cloud-utils-growpart (for RHEL) package that may need to be installed separately. growpart does not create or delete partitions.

partprobe is used to update the kernel with changes that now exists within the partition table.

mkfs is used to build a Linux file system on a device, which is usually a drive partition. mkfs [options] <device> to run. The other way to use mkfs is mkfs <file system type> [options] <device name>.

fstab stores information about storage devices and partitions and where and how they should be mounted.

The /etc/crypttab file store information about encrypted devices and partitions that must be unlocked and mounted on system boot.

The process of setting up a storage device on a Linux system includes:

  1. Creating partitions using tools like fdisk or parted

fdisk to enter the menu n to select for creating a new partition. Provide the first sector (can be left to the default value) and the last sector to delimit the size of the partition. For example +4096M to imply adding 4Gi of space from the first sector. p to print the information w to write the changes q to quit the menu without saving the changes

Once the partition is create, use partprobe /dev/sdb to inform the kernel of the changes in the partition table.

parted /dev/sdb to enter the menu of GNU parted tool. print to see the partitions in the disk. mkpart to create a new partition. Type primary to select primary as type of partition.

example:

parted /dev/sdb to enter into the menu

mkpart to make a partition. Can also use mkpart PARTITION-TYPE [FS-TYPE] START END to create the partition in one go. ex: mkpart primary ext3 2048M 4096M or mkpart primary ext3 0% 30%

Partition type? primary/extended? primary to specify the type of partition

File system type? [ext1]? ext4 the specify the type of file system (ext1, ext2, ext3, ext4, xfs, ...)

Start? 2048M to set the start of the partition

End? 4298M to set the end of the partition

print to views partitions information

help to view parted commands details

quit to quit parted

Selecting the file system type does not format the partition in the select file system type but let the partition know that it will be formatted with the selected file system.

  1. Formatting the partitions with a file system using tools like mkfs

mkfs.xfs /dev/sdb1 to create a xfs file system on sdb1 partition. You might have to use the -f flag to force the formatting of the partition.

  1. Labeling the partition

For xfs partitions, use:

xfs_admin -l /dev/sdb1 to print out the label.

xfs_admin -L LABEL /dev/sdb1 to label the partition. ex: xfs_admin -L SystemBackup /dev/sdb1 to label the partition sdb1 SystemBackup.

For ext file system we use a different command:

e2label /dev/sdb2 to print out the current label

e2label /dev/sdb2 LABEL to add a label to the partition. ex: e2label /dev/sdb2 DataBackup

  1. Adding the formatted partition to fstab file so it can be configured by the system and run at boot time

/dev is a special file that contains all the devices.

/dev/null, /dev/zero, and /dev/urandom are special character storage devices used in the linux systems.

/dev/null (the Black Hole) is a special virtual device that discards anything that is redirected to it.

/dev/zero (the Zero Generator) is also a special virtual device that returns a null character (0x0000) anytime you read from it.

/dev/urandom (the Pseudorandom Source) is also a special virtual device that returns a randomized series of pseudorandom numbers.

Expanding a partition

lsblk to see all available disks and partitions fdisk /dev/sdb to enter fdisk menu and create a new partition using the n command parted /dev/sdb to enter parted menu for resizing the partition we just created. Run resizepart 1 5GB then quit

Logical Volumes

Partitions are not the only way to divide storage devices logically.

In Linux, Device Mapper creates virtual device and passes data from that virtual device to on or more physical devices. DM-Multipath provides redundancy and improved performance for block storage devices. mdadm is used to create and manage software-defined RAID arrays in Linux. In RAID arrays, data is stored across multiple storage devices, and those devices are presented as a single storage device. Using a RAID array is an alternative for using Device Mapper and DM-Multipath. mdadm tool allows creating, modifying, and managing RAID arrays.

RAID: Redundant Array of Independent or Inexpensive Disks. We have RAID 0, RAID 1, RAID 6, RAID 6, and RAID 10.

  • Striping combines multiple smaller physical disks to logically act as a single larger disk. ex: combining 2x2Tb disks to form a 4Tb logical disk.

  • Mirroring combines two physical hard drives into a single logical volume where an identical copy of everything is put on both drives. If one disk fails, the data can be entirely recovered in the second drive because it contains a full copy of the data.

  • Parity is used in RAID arrays for fault tolerance by calculating the data in two drives and storing the results on a different drive.

RAID 0 (Striping) is great for speed but provides no data redundancy. If one disk fail, the data cannot be recovered. And there is no lost of space.

RAID 1 (Mirroring) each disk contains a full copy of the data. There is a lost of space in this RAID 1.

RAID 5 (Striping with Parity). You must have at least 3 disks to configure a RAID 5. It is more efficient to create RAID 5, in terms of space, than a RAID 1. It is the most populate type of RAID in use in most server environments.

RAID 6 = RAID 5 + RAID 1 (Striping with Dual Party). We can loose up to 2 drives in RAID 6 compared to only one disk in RAID 5.

RAID 10 (Striping + Mirroring). It consists of 2 RAID 1 inside a RAID 0. RAID 10 requires a minimum of 4 drives. There will be a 50% lost of disk space when creating a RAID 10.

/proc/mdstat file is used to get information about the RAID in a Linux system. Use cat /proc/mdstat to read RAID configuration on the system.

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sd[b-c] to create a software RAID in Linux.

Logical Volume Mapper (LVM)

LVM maps whole physical devices and partitions into one or more virtual containers called volume groups. The volume groups are going to become the storage devices the system, users, and applications are going to interact with. With the LVM we can dynamically create, delete, and resize volumes without having to reboot the system. We can also map multiple logical volumes across multiple physical devices. And we can create virtual snapshots of each logical volumes.

/dev/mapper contains all logical volumes in a system that are been managed by the LVM. Devices in the /dev/mapper directory are usually called /dev/mapper/<volume groupe name>-<logical volume name>

The Logical Volume Manager provide logical volume management tools based on three layers:

  1. Physical volume tools:

LVM physical volumes are raw physical drives or partitions used by LVM.

pvscan scans for all physical devices being used as physical volumes

pvcreate initializes a drive or partition to use as a physical volume

pvdisplay lists attributes of physical volumes

pvchange changes attributes of a physical volumes

pvmove moves data from one physical volume to another without loss of data. Useful when we want to migrate data from one disk to another. pvmove [options] <source pv> [destination pv] ex: pvmove /dev/sdb1 /dev/sdc1 to move data from /dev/sdb1 to /dev/sdc1. --background flag allows running the command in the background. --abort is used to cancel a running move.

pvs displays information about physical volumes

pvck checks the metadata of physical volume

pvremove removes physical volumes. The command will fail if the pv is part of any group.

pvresize to make LVM recognized increased size of physical volumes. ex: pvresize /dev/sdb

  1. Volume group tools:

A volume groups is a pool of storage created from one or more LVM physical volumes.

vgscan scan all physical devices for volume groups

vgcreate creates volume groups

vgdisplay list attributes of volume groups

vgchange changes attributes of volume groups

vgs displays information about volume groups

vgck checks the metadata of volume groups

vgrename renames a volume group

vgreduce removes physical volumes from a group to reduce its size

vgextend adds physical volumes to volume groups

vgmerge merges two volume groups

vgsplit splits a volume group into two

vgremove removes volume groups

  1. Logical volume tools:

A logical volume is a partition created from a volume group that will act as a storage device in the system.

lvscan scans all physical devices for logical volumes

lvcreate creates logical volumes in a volume group

lvdisplay displays attributes of logical volumes

lvchange changes attributes of the logical volumes

lvs displays information about logical volumes

lvrename renames a logical volume

lvreduce reduces the size of a logical volume

lvextend extends the size of the logical volume

lvresize resizes logical volumes

lvremove removes logical volumes

Managing Logical Volumes

ls /dev/mapper to see logical volumes

pvcreate /dev/sdb1 /dev/sdb2 to create a physical volumes

vgcreate backups /dev/sdb1 /dev/sdb2 to create a volume groups

lvcreate --name sysbk --size 4GB backups

lvcreate --name appbk --size 2GB backups

lvcreate --name logbk --size 0.5GB backups

lvscan and lvdisplay will show the 3 newly created logical volumes sysbk, appbk, and logbk in the backups volume group.

So we create a volume group (backups) that groups 2 physical volumes (sdb1 and sdb2). Then we created 3 logical volumes (sysbk, appbk, and logbk) in the volume group.

Let's extend logbk to 1GB:

lvextend -L1G /dev/backups/logbk

Let's reduce appbk to 1GB:

lvreduce -L1G /dev/backups/appbk

Let's file system in the volumes we just created:

mkfs.xfs /dev/backups/sysbk

mkfs.ext4 /dev/backups/appbk

mkfs.ext4 /dev/backups/logbk

Mounting/Unmounting File Systems

File systems have to be mounted before the OS can read or write.

A Mount Point is an access point that is typically an empty directory whre a file system is loaded or mounted to make it accessible to users.

The mount command is used to load a file system to a specify directory to make it accessible to users and applications.

mount [options] <device name> <mount point> to mount a file system. ex: mount /dev/sdb1 /home to mount sdb1 to the home directory.

Mount options:

auto device must be mounted automatically

noauto device should not be mounted automatically

nouser only the root user can mount a device or a file system

user all users can mount a device or file system

exec allow binaries in a file system to be executed

noexec prevent binaries in a file system from being executed

ro mount a file system as read-only

rw mount a file system with read write permissions

sync input and output operations should be done synchronously

async input and output operations should be done asynchronously

remount allows to change a file system options without having to unmount it first. For example changing from rw to ro. Ex: mount -o remount,ro /mnt/data to remount /mnt/data in ro mode.

noatime prevents the application of a timestamp to record file reads. This can improve performance as it reduces disk writes.

nodiratime stops updates for directory access times

flush ensures that all metadata is written on disk

Unmounting a File System

We can use the umount command to unmount a file system. The file system must not be in use when being unmounted.

Use umount [options] <mount point> to unmount a file system.

fstab (File System Table) contains the list of file systems to be mounted, their mount points, and any options that might be needed for specific file systems. We can also use systemd.mount to create a new mount unit to mount a file system.

Filesystem in USErspace (FUSE) lets non-priviledge users create own file systems without editing the underlying kernel code.

Let's mount our logical volumes now:

mkdir -p /backups/sys /backups/app /backups/log to create necessary directories

mount /dev/backups/sysbk /backups/sys

mount /dev/backups/appbk /backups/app

mount /dev/backups/logbk /backups/log

mount will show the associations of volumes and mount points.

umount /backups/log will unmount the volume mounted at backups/log

Mounting Volumes at Boot

Let's make sure that volumes are mounted at boot time. For that we need to manipulate the fstab configuration file.

nano /etc/fstab to start editing the configuration file.

Add all volumes to be mounted at boot time at the end of the file. Ex:

/dev/backups/sysbk /backups/sys xfs 0 0

/dev/backups/appbk /backups/app ext4 0 0

/dev/backups/logbk /backups/log ext4 0 0

Then use mount -a to test the fstab configurations to make sure that all volumes listed can be mounted at boot time.

Managing File Systems

There are a lots of tools and configurations that can be used to manage Linux file systems. For example:

/etc/mtab file reports the status of currently mounted file systems. It looks like the /proc/mounts but /proc/mounts is more accurate and includes more up-to-date information on file systems.

/proc/partitions file contains information about each partition attached to the file system.

lsblk displays information about block storage devices currently available on the system.

lsblk [options] [device name] has multiple options:

  • -a list empty devices

  • -r list devices excluding provided output devices

  • -f display additional information

  • -l display results in list format

  • -m display device permission information

blkid prints each block device in a flat format and includes some additional information.

The following are common tools used for managing ext type file systems:

e2fsck used to check for file system issues

resize2fs used to resize ext2, ext3, and ext4 file systems

tune2fs used to adjust various tunable parameters of the ext2/ext3 file systems. it can also be used to add a journal to an existing ext2 or ext3 file system.

dumpe2fs prints the superblock and block group information of the selected device.

Use fsck command to check the correctness and validity of a file system.

A file system superblock contains metadata about the file system, including its size, type, and status. If it becomes corrupted, we must use a tool like fsck to repair it.

The following are tools used to manage xfs file systems:

xfs_info display details about the XFS file system

xfs_admin change the parameters of an XFS file system

xfs_metadump copy the superblock metadata of the XFS file system to a file

xfs_growfs expand the XFS file system to file the drive size

xfs_copy copy the contents of the XFS file system to another location

xfs_repair repair and recover a corrupt XFS file system

xfs_db debug the XFS file system

For scsi devices, use lsscsi to list information about SCSI devices connected to a Linux system.

fcstat is used to interact with and display statistics of Fiber Channel connected devices.

Directory Structure

Directories are containers for other files

Special files are system files stored in the /dev directory.

Links make a file accessible in multiple parts of the system's file tree.

Domain Sockets provide inter-process networking that is protected by the file system's access control

Name pipes enables processes to communicate with each other without using network sockets

Use the command file [options] <file name> to determine the type of file you are working with.

Security Mount Options

nodev prevents the use of special device files. ex: mount -o nodev /dev/sdb1 /mnt/safe or in fstab /dev/sdb1 /mnt/safe ext4 defaults,nodev 0 2. It may be used in /home, /mnt/usb, /var/tmp, and more. It should not be used in /dev

nosuid prevents files from granting extra priviledges when they run. It may be used in /home, /var/tmp, network shares, and removable drives.

noexec prevents a binary program from executing directly from file system even if it has an execute permission. Ex: mount -o noexec /dev/sdb1 /mnt/usb or /dev/sdb1 /mnt/usb ext4 defaults,noexec 0 2(in /etc/fstab). noexec prevents direct execution (ex ./program.sh) but not interpreters' scripts (ex python ./myscript.py)

Network Mounts

NFS: Network File System. Linux to Linux sharing. Syntax: mount -t nfs <server>:/<remote-path> <local mountpoint>. ex: mount -t nfs 192.168.1.2:/shared/data /mnt/shared or in fstab 192.168.1.10:/shared/data /mnt/shared nfs defaults,_netdev 0 0

SMB: Server Message Block. Cross platform sharing. SMB uses CIFS (Common Internet File System) protocol under the hood. Syntax: mount -t cifs //<server>/<share> <local mountpoint> -o username=<user>,password=<pass>. The local mount point is the directory where you want the mount to show once mounted. ex: mount -t cifs //192.168.1.2/shared /mnt/shared -o username=demo,password=vEreaSaCrEat

Troubleshooting Storage Issues

ulimit limits the system resources for a user in a Linux-based server.

ulimit -n 512 limits the number of open files to 512 for a particular user

ulimit -a displays all the current limits

df/du (disk free/disk usage) facilitate storage space tracking. df displays the device's storage space and du displays how a device is used.

df -h to display human readable format of the amount of space in the system

df -h /dev/backups/appbk to see the space in appbk logical volume

du -h /dev/backups

iostat generates reports on CPU and device usage. I can be used to determine issues with iops.

iostat -d /dev/backups/appbk to view the I/O stats of appbk

ioping generates a report of device I/O latency in real-time

ioping -c 4 /dev/backups/logbk to check for latency in real-time

Storage Quota allows managing the storage space per user. Here are tools used to manage storage quotas:

quotacheck -cug <mount point> create quota database file for a file system and check for user and group quotas

edquota -u <username> edit quotas for a specific user

edquota -g <group name> edit quotas for a specific group

setquota -u <username> set quotas for a specific user

setquota -g <group name> set quotas for a specific group

Before using these commands, we have to activate user and group quotas on the file system. To do that, edit the fstab file to add the options usrquota and grpquota to the the relevant file system.

With XFS file system, you can use xfs_admin to configure quotas.

To generate quota reports, use the following the commands:

repquota -a display the reports for all file systems indicated as read-write quotas in the mtab file

repquota -u <username> display the quota report for a particular user

quota -uv <username> display the quota report for a particular user with verbose output

warnquota -u check if users are not exceeding the alloted quota limit

warnquota -g check if groups are not exceeding the alloted quota limit

To troubleshoot a device, start with simple things:

  • make sure it is powered and recognized by the system by checking the /proc directory
  • check errors in the configuration files ftab
  • make sure to reload the config files if changes have been made to them
  • confirm that there is enough capacity
  • confirm that I/O is not overwhelming the device
  • use partprobe to scan for new storage devices and partitions and load them into the kernel
  • select the appropriate scheduler to optimize performance. ex noop for flash drives. To change the scheduler, change the /sys/block/[sda]/queue/scheduler config file with echo noop > /sys/block/[sda]/queue/scheduler
  • to prevent user from consumming excessive space, we are going to edit the fstab config file to enable quotas with /dev/backups/appbk /backups/app ext4 defaults,usrquota 0 0. Use edquota -u john to edit the soft and hard limits of the user john.

Linux: Permissions and Ownership

Basics

How to properly apply and troubleshoot access control.

File and directory permissions.

It is important to make sure the right users have the right access to the right resources in the Linux enviroment.

Files and Directories Permissions

Permissions are access rights assigned to users to enable them to access and modify files and directories. It is best practice to apply the principle of least priviledge. Give users only access to the permissions they need to perform their tasks. No unecessary additional permission should be added.

ls displays the permissions set on files and directories. ls -l will give a long details of the content of a directory. ls has few useful flags:

  • -l to show a long description of the files
  • -a to show all files including hidden files
  • -h to show display a human readable format of the files details

Permission attributes defines the access level users are allowed to do on selected file or directory.

The permission attributes for files are:

  • r to indicate a read permission. It allows the user to read the content of a file.
  • w to indicate a write permission. It allows the user to save changes of a file.
  • x to indicate a execute permission. It allows the user to execute a script or program.

For directories:

  • r to indicate a read permission. It allows the user to list the content of a directory.
  • w to indicate a write permission. It allows the user to create, rename, and delete files in the directory.
  • x to indicate a execute permission. It allows the user to execute scripts from the directory.

Permission attributes on files and directories are applied to one of several contexts or different uses and entities.

Permission context:

  • u owner (user): refers to the owner of the directory
  • g group: refers to the files or directories group
  • o other: refers to other users. These are users that are the owner or member of the group.

chmod

chmod is used to change the permissions of a file or directory. chmod [options] <mode> <file or directory> is the proper syntax for modifying a file or folder permissions

Permission Context Permission Operators Permission Attributes
u/g/o/a +/-/= r/w/x

The + operator grants permission, - removes a permission, and = assigns the permission as provided.

In symbolic mode, use chmod <access context> <operators> <permission attributes> <file or directory>. For example: chmod g+w my_file.txt will assign the write permission of my_file.txt

chmod in absolute mode

We can also use chmod in absolute mode. The absolute mode uses octal numbers to specify permissions:

  • 4 => read permission
  • 2 => write permission
  • 1 => execute permission

Adding them up will give the permission number to assign to a file or folder.

7 equals to wrx permisson because 4+2+1=7. 6=rw because 4+2=6

chmod <number> <file or directory> is the proper syntax to assign permissions in absolute mode.

The permission 724 means:

  • 7 for the owner permission (wrx)
  • 2 for the group permission (w)
  • 4 for the other user permission (r)

umask

the umask (user file-creation mask) command is used to set the default permissions for newly created files and directories. We can set default permissions permanently in the .bashrc file. Just add umask 0022 to the .bashrc file.

umask 0022 command sets the default temporary permission to 666 - 022 = 644 for files and 777 - 022 = 755 to directories if used in bash.

You cannot add permissions with umask.

Files and Directories Ownership

Ownership refers to who can make changes to a file or directory permissions. Only the root user have the permission to change the permission of files and directories of all other users.

Use chwon to change the owner or group of a file or directory. The correct syntax to use chown is chown <username> <file or directorie>. For example chown demo dir1 to change the ownership of dir1/ to demo. This will only change the owner but not the group.

To change the owner and group of the file or directory, use chown <username>:<group-name> <file or directory>. To change the group but not the owner, use chown :<group-name> <file or directory>.

To do recursive change of ownership in a diretory, we can use the -R flag: chown -R <username> <file or directory>.

To chagne a group ownership of a file or directory, use chgrp command: chgrp <group-name> <file or directory>.

Special Permissions and Attributes

Special permissions are used to allow less priviledged user to asume permission of the group or owner of file to perform a task.

There are two special permissions that can be used:

  • Set User ID (SUID): The user allowed to have the same permission as the owner of the file
  • Set Group ID (SGID): The user is allowed to have the same permission as other members of the group

chmod u+s <file> to set the special permission for a file in symbolic mode.

chmod 4### <file> to set the special permission for a file in absolute mode.

chmod g+s <direcotry> to set the special permission for a directory in symbolic mode.

chmod 2### <directory> to set the special permission for a directory in absolute mode.

The Sticky Bit is another special permission. It protects files in directories. It makes sure only the root or owner of the file or directory can delete the file or directory.

chmod +t <direcotry> to set the sticky bit permission for a directory in symbolic mode.

chmod 1### <directory> to set the sticky bit permission for a directory in absolute mode.

The immutable flag protect files and directories from being modified. It is very useful for sensitive files and directories.

lsattr

lsattr command is used to list the attributes of a file or directories. To use it type lsattr [options] <file or directory>. lsattr support the following options among others:

  • -R recursively list the attributes of all files in the directory
  • -a list all files
  • -d list all directories
  • -v list the version number of the files

chattr

chattr is used to change the attributes of a file or directory. To change the attribute of file or directory, use the command chattr [-R] [-v <version>] [+-<attributes>] <file or directory>. The option +i marks the file or directory as immutable. -i will remove the immutable attribute from the file or directory.

Access Control Lists (ACLs)

We can use access control lists to set different level of permission to different groups that need access to the same ressources. One group may need rwx and another only needs rw.

The command getfacl to get the access control lists of a file and directories.

setfacl is used to change the permissions associated with the ACL of a file or directory. The command looks like: setfacl [-br] [-mx <acl specs>] <file or directory>. This command supports the following options:

  • -r recursively sets the ACL of the content of a directory
  • -s sets and replaces the existing ACL of a file or directory
  • -m modifies the existing ACL of a file or directory
  • -x removes the existing ACL of a file or directory
  • -b removes all permissions except the standard permissions

Example: setfacl -R -m g:students:r /assignments modifies the current ACL to give read permissions to the students group the assignments directory.

u:<username>:<permissions> or

g:<username>:<permissions>

By default only one group can be associated with a directory. ACLs allow giving permissions to a directory more groups.

Troubleshooting Permission Issues

Follow the 7 step troubleshooting technic in the CompTIA A+.

  1. Identify the issue
  2. Establish a theory of probable cause
  3. Test the theory to determine the cuase
  4. Establish a plan of actions
  5. Apply the solution
  6. Verify full system functionality
  7. Document findings, actions, and outcomes

Linux: Users and Groups

Basics

This post contains the notes I am taking while learning Linux users and groups.

The root user is the most powerful user on the Linux system. It can perform any task on the system. It is a good practice to user a separate user to perform the day to day operations.

Each user should have a separate standard user with limited priviledges that allow them to perform only the tasks they are assigned.

There are also service accounts that are specific to a particular service such as docker, incus, nginx, ... They are not setup for interactive login.

It is a security best practice to login into a Linux system with non-priviledge account instead of the root account. A user should not given more priviledge than they need to perform their job. That is the principle of least priviledge.

If root priviledge is required to perform a task, one can elevate their privildege as needed using the su -root or su - command.

root priviledges can be delegated to other users using sudo. To delegate commands to a user, list the user in the /etc/sudoers using the visudo editor. This file can only be edited with visudo editor and the syntax is verified before any change is saved. While sudoers have elevated priviledge, they cannot do everything a root user can do.

Wheel group have limited root priviledge and is usually used for performing administrative tasks. Members of the wheel group can use sudo or su to perform root user tasks.

Polkit (PolicyKit)

It is a tool in the Linux system that controls the communication between priviledge processes and non-priviledge ones.

pkexec mkdir /lab-1 to create the folder lab-1 in the root directory of the system using the room priviledge. sudo seems easier; right?

You can use the id command to verify the user priviledge. The root user always have id 0.

Create, modify, and delete a new user

useradd demo to create a new user. The account will b saved in /etc/passwd file and configured according to options set in the file /etc/login.defs. The user's home directory is created in the /home/<account name> directory and populated using files from the /etc/skel directory (or sckeleton directory). useradd does not set the password of the user account. The password must set separately. In this stage the account is created but not usable yet.

useradd [options] username is the general syntax for creating a user account. The following are usefull options:

-e: to set the expiration date of the account. After the set date, the account becomes unusable. Example: useradd -e 2026/10/25

-s: to set the default shell for the user. Example: useradd -s /bin/bash.

-D: to view the default configuration for the new user.

-c: add a comment to the user account. Adding a comment to the user account may make administering user accounts easier.

passwd demo is used by the root user to set a new password the newly created user. user demo in this case. The same command is also used to reset the password of all users.

visudo to open the sudoers file and add users to the sudoers group if needed.

demo ALL=(ALL) NOPASSWD:ALL with add demo the sudoers group in order to perform root level tasks.

User account information is stored at /etc/passwd. The proper way to edit the /etc/passwd file is through useradd, usermod, or userdel. Modern systems stores user password hashes and account information in /etc/shadow file. Only the root user have access to the shadow file.

Use pwck command to check the validity of the /etc/passwd file.

The shadow file contains the following information:

  • username
  • Hashed password
  • Number of days since the password was changed
  • Number of days before the password must be changed
  • Number of days until the user is warned to change their passsord. The value of 99999 means the password never needs to be changed
  • Number of days after the password expires that account gets disabled
  • Number of days the account has been disabled
  • Unused field reserved for future use

chage -E <date> <username> is used to change the expiration date of an already existing account. Example: chage -E 2025/11/30 demo to change the demo account expiration date. The date is of the YEAR/MONTH/DAY format.

chage -l <username> to see the account expiration information.

chage -M <days> <username> to change the Maximum number of days the user must change their password. 90 days is a typical value for regular user and 60 for admin users.

chage -W <day> <username> to change the number of the days user is warned to change their password before it expires. 5 is a typical value.

usermod -l <new-username> <current-username> to change the username of an existing user. The usermod command is used to modify user account information.

A quick way to lock user account is to use passwd -l <username>. passwd -u <username> to unlock the account.

userdel <username> is used to delete a user. The user home directory stays on the system after the account deletion. To delete the home directory of the user along the account, we can use the -r flag with the userdel command.

passwd -l <username> is also used to lock user account. passwd -u <username> is used to unlock the account.

usermod -L <username> is used to lock user account as well. usermod -U <username> unlocks the account.

chsh -s /bin/zsh <username> is used to change the user default login shell.

Create, modify, and delete a user group

User groups are used to set requirements for a set of users. User groups are stored in /etc/group. Each group contains 4 fields of information:

  • nameL the group name
  • password: the password required to enter this group
  • id: group id
  • list: the members of the group

groupadd, groupmod, and groupdel is used to properly modify the group file. By default a newly created group has member and no password.

groupadd [options] <group name> is the command to create a new group. Example: groupadd -g 100 instructors creates a group called instructors.

groupmod -n <new-group-name> <current-group-name> to modify the name of an existing group.

To add a user to a group we can use the usermod command. For example usermod -aG instructors demo to add the account demo to the instructors group.

Using the groupdel command will not delete the users in the selected group. It just delete the group itself. The proper way to delete a group is to use the command groupdel [options] <group name>. For example groupdel students will delete the students group.

Search users and groups

whoami is used to know the username of the currently logged in user.

A # indicates a root user and a $ indicates a standard user.

who show the details of users currently logged in. It shows information like the username, name of the system, and date and time since the user is connected. -u flag will show the idle time. . indicates that the user is active until now, old indicates that the user is inactive over 24h.

who am i shows only the information of the user who ran the command.

w command is used to show the details of users currently logged in and their transactions. w [options] [username] is the the command to get details of another user.

last show the history of the user login and logout actions, and the actual time and date. It retrieves the information from the /var/log/wtmp file.

lastlog displays the last login time for all users

id to display user id (UID) and group id (GID) information. id [options] [username] is the proper syntax.

groups <username> to determine all the groups a user is part of.

To view all the members of a groups, there are 2 commands that is usually installed in some distros: lid (List Id) and libuser-lid.

getent (Get Entries) retries group members of non standard authentication methods

Account profiles

.bashrc file enables customization of the user's own environment. It is unique to each user. It is commonly used for storing aliases, environment variables, default directories, file permissions, and default command prompt. It is located at ~/.bashrc.

.bash_profile files provides the shell configuration for the initial login environment. It is located at ~/.bash_profile in the home directory of each user.

To execute a script when any user logs in to the system place your script in /etc/profile. /etc/profile.d holds configuration scripts that will run for all users. It is recommanded to user /etc/profile.d for setting system wide variables via scripts rather than editing the /etc/profile file.

/etc/bashrc provides a system-wide configuration changes specific to Bash settings. It is different than the ~/.bashrc which is specific to each user.

Linux: Basics

The Linux open-source operating system was created by Linus Travolta in 1991. Linux has multiple distributions. A distributions is a system built on the Linux kernel, software packages, and package management system. Linux distributions usually follow two categories: RPM based and dpkg based. The difference between the two is the package managmement they use.

Linux is built on the priciple of FOSS (Free and Open Source Software) that allows users to change, share, and distribute it freely.

RPM-based Distributions

RPM = Red Hat Package Manager includes RHEL, CentOS, Almalinux, Fedora, and OpenSUSE. They use dnf command (previously yum) to manage packages. Zypper for OpenSUSE. RHEL (Red Hat Entreprise Linux) is a commercial distribution that typically requires a subscription.

dpkg-based Distributions

They derive from Debian including Ubuntu, Linux Mint, and Kali Linux. They use the dpkg and apt (Advanced Package Tool) package manager. The .deb package format requires the dpkg tool for installation. apt automatically retrieves packages and their dependences from online repositories.

Linux Boot Process

The Linux Boot Process is how a computer using the Linux operating system starts up. It has 4 main components:

  1. Preboot Execution Environment (PXE): used for remote booting
  2. Bootloader: Loads the OS and prepares the system
  3. Initial RAM Disk (initrd): Provides essential drivers and tools before switching to the real root filesystem
  4. Kernel: The core of the OS, managing system resources
  5. init: The process in the system

Preboot Execution Environment (PXE)

It allows a computer to start up over a network connection rather than booting from its internal storage. it is useful where many system have to be setup simultaneously or remotely. Here are the steps for PXE Booting a computer:

  • The network card activates to start the boot process
  • The network card request an IP address from the DHCP server
  • The DHCP server provides the location of the TFTP server
  • The necessary files are transferred from the TFTP server
  • The Bootloader is executed to load the operation system

Bootloader

There several Bootloaders but GRUB2 (Grand Unified Bootloader v2) is commonly used. It is responsible for selecting and lunching the Linux kernel. WHen the computer starts,

  • The firmware hands control to GRUB2
  • GRUB2 displays boot menu: The user select the OS or kernel if multiple operating systems are available
  • GRUB2 reads configuration from /boot/grub/grub.cfg that contains kernel version and other options
  • GRUB2 loads initrd and the kernel and the system prepares for booting

Use update-grub to modify GRUB configuration at /etc/default/grub

Initial RAM Disk (initrd)

initrd.img is a temporary root filesystem that is loaded into memory before the real root filesystem is mounted. it contains the tools needed for booting. It is typically located at /boot/initrd.img. It can be managed using tools like mkinitramfs and dracut depending on the Linux distro.

Kernel

The kernel is the main component of the operating system. It manages the hardware, processes, memory, and system resources. The kernel behavior can be adjusted using sysctl to modify the kernel parameters at runtime. The change can be made permanent by updating the configuration file /etc/sysctl.conf then apply the changes with sysctl -p command. The kernel also start the first process: init.

init

The init system is the first process that start all other processes. It has a PID of 1. It is the parent of all other processes.

System Directories

The Filesystem Hierarchy Standard (FHS) specifies a set of guidelines for the names of files and directories and their locations on Linux systems.

Here are some important directories in a Linux system:

/ the root directory. It is the top level directory from which all other directories branch out.

/bin stores essential command line utilities and binaries

/boot contains the files necessary to boot the Linux OS: /boot/initrd.img, /boot/vmlinuz, /boot/grub/grub.cfg

/dev stores hardware and software device drivers (/dev/sdb the first drive, /dev/tty the first terminal interface, /dev/null, /dev/random)

/etc stores system-wide configuration files. Important files include /etc/passwd for user account details, /etc/shadow for password information, /etc/fstab for file system mount points, /etc/hosts for hostname to ip mappings, and /etc/ssh/sshd_config for SSH configuration.

/home stores users' home directories, including personal files. By default, every user is assigned a sub directory in the /home directory.

/lib stores shared program libraries required by the kernel, command-line utilities, and binaries

/media stores mount points for removable media such as CD-ROMs and floppy disks

/mnt refers to the mount point for temporary mounting file systems

/opt stores optional files for large software packages

/proc represents continually updated kernel information to the user ina typical file format. For example we have: /proc/cpuinfo for CPU usage, /proc/meminfo for memory usage, /proc/uptime for system uptime, /proc/[PID]/ for information about running processes. The /proc directory is important for monitoring and troubleshooting system performance.

/root represents the home directory of the root user

/sbin stores binaries used for completing the booting process which are also used by the root user (/sbin/fsck, /sbin/reboot, /sbin/iptables, /sbin/mount)

/sys stores information about devices

/tmp stores temporary files that may be lost on system shutdown

/usr is a read-only directory that stores small programs and files accessible to all users. /usr/bin contains programs that can be executed by all users. /usr/local contains custom build application that is contained here by default.

/var stores variable files, or files that are expected to constantly change as the system runs. It includes /var/log for logs, /var/mail for mail storage, /var/www for websites.

Environment Variables

The $ is used to recall environment variables. For example echo $USER will print the username that is stored in a variable called USER. The are few more usefull user variables in addtion to USER: HOME holds the user home directory path, SHEL holds the command line interpreter running the current environment, PS1 defines the styles and content of the command line prompt.

PATH and DISPLAY are common system variable often seen in Linux systems. PATH is used to find executables when a command is entered in the terminal. DISPLAY tells to applications, which screen to send graphical output.

Input and Output Redirection

< is used for redirecting file content as command input

<< (Here-document) allows embeding multiple line input in a command

<<< (Here-string) allows passing a single string input to a command

> redirects output to a file and override the existing content

>> appends output to a file content

2> and 2>> can be used to capture error output into a separate file

&> can be used to capture both standard output and error into a file

Command history

history allows displaying all commands entered in the current and previous session

!! let us repeat the last command

! can execute a command that start with the string provided

alias allows personalizing shortcuts for long commands

More

uname provides essentials details about the system such as operationg system, kernel version, and hardware architecture.

source used to execute scripts in the current shell session. For example environment variable can be updated with source without loging out users. Ex: source ~/.bashrc to load environment variables